original source: https://www.packtpub.com/books/content/drupal-7-social-networking-managing-users-and-profiles
What are we going to do and why?
Before we get started, let’s take a closer look at what we are going to do in this article and why. At the moment, our users can interact with the website and contribute content, including through their own personal blog. Apart from the blog, there isn’t a great deal which differentiates our users; they are simply a username with a blog! One key improvement to make now is to make provisions for customizable user profiles. Our site being a social network with a dinosaur theme, the following would be useful information to have on our users:
- Details of their pet dinosaurs, including:
- Date of birth
- Their details for other social networking sites; for example, links to their Facebook profile, Twitter account, or LinkedIn page
- Location of the user (city / area)
- Their web address (if they have their own website)
Some of these can be added to user profiles by adding new fields to profiles, using the built in Field API; however we will also install some additional modules to extend the default offering.
Many websites allow users to upload an to associate with their user account, either a photograph or an avatar to represent them. Drupal has provisions for this, but it has some drawbacks which can be fixed using Gravatar. Gravatar is a social avatar service through which users upload their avatar, which is then accessed by other websites that request the avatar using the user’s e-mail address. This is convenient for our users, as it saves them having to upload their avatars to our site, and reduces the amount of data stored on our site, as well as the amount of data being transferred to and from our site. Since not all users will want to use a third-party service for their avatars (particularly, users who are not already signed up to Gravatar) we can let them upload their own avatars if they wish, through the Upload module.
There are many other social networking sites out there, which don’t complete with ours, and are more generalized, as a result we might want to allow our users to promote their profiles for other social networks too. We can download and install the Follow module which will allow users to publicize their profiles for other social networking sites on their profile on our site.
Once our users get to know each other more, they may become more interested in each other’s posts and topics and may wish to look up a specific user’s contribution to the site. The tracker module allows users to track one another’s contributions to the site. It is a core module, which just needs to be enabled and set up.
Now that we have a better idea of what we are going to do in this , let’s get started!
Getting set up
As this article covers features provided by both core modules and contributed modules (which need to be downloaded first), let’s download and enable the modules first, saving us the need for continually downloading and enabling modules throughout the article.
The modules which we will require are:
These modules can be downloaded and then the contents extracted to the /sites/all/modules folder within our Drupal installation. Once extracted they will then be ready to be enabled within the Modules section of our admin area.
Users, roles, and permissions
Let’s take a detailed look at users, roles, and permissions and how they all fit together. Users, roles, and permissions are all managed from the People section of the administration area:
Within the People section, users are listed by default on the main screen. These are user accounts which are either created by us, as administrators, or created when a visitor to our site signs up for a user account. From here we can search for particular types of users, create new users, and edit users—including updating their profiles, suspending their account, or delete them permanently from our social network.
Once our site starts to gain popularity it will become more difficult for us to navigate through the user list. Thankfully there are search, sort, and filter features available to make this easier for us. Let’s start by taking a look at our user list:
(Move the mouse over the image to enlarge.)
This user list shows, for each user:
- Their username
- If their user account is active or blocked (their status)
- The roles which are associated with their account
- How long they have been a member of our community
- When they last accessed our site
- A link to edit the user’s account
Users: Viewing, searching, sorting, and filtering
Clicking on a username will take us to the profile of that particular user, allowing us to view their profile as normal. Clicking one of the headings in the user list allows us to sort the list from the field we selected:
This could be particularly useful to see who our latest members are, or to allow us to see which users are blocked, if we need to reactivate a particular account.
We can also filter the user list based on a particular role that is assigned to a user, a particular permission they have (by virtue of their roles), or by their status (if their account is active or blocked). This is managed from the SHOW ONLY USERS WHERE panel:
Creating a user
Within the People area, there is a link Add user, which will allow us to create a new user account for our site:
This takes us to the new user page where we are required to fill out the Username, E-mail address, andPassword (twice to confirm) for the new user account we wish to create. We can also select the status of the user (Active or Blocked), any roles we wish to apply to their account, and indicate if we want to automatically e-mail the user to notify them of their new account:
Editing a user
To edit a user account we simply need to click the edit link displayed next to the user in the user list. This takes us to a page similar to the create user screen, except that it is pre-populated with the users details. It also contains a few other settings related to some default installed modules. As we install new modules, the page may include more options.
Inform the user!
If you are planning to change a user’s username, password, or e-mail address you should notify them of the change, otherwise they may struggle the next time they try to log in!
Suspending / blocking a user
If we need to block or suspend a user, we can do this from the edit screen by updating their status toBlocked:
This would prevent the user from accessing our site. For example, if a user had been posting inappropriate material, even after a number of warnings, we could block their account to prevent them from accessing the site.
Why block? Why not just delete?
If we were to simply delete a user who was troublesome on the site, they could simply sign up again (unless we went to a separate area and also blocked their e-mail address and username). Of course, the user could still sign up again using a different e-mail address and a different username, but this helps us keep things under control.
Canceling and deleting a user account
Also within the edit screen is the option to cancel a user’s account:
On clicking the Cancel account button, we are given a number of options for how we wish to cancel the account:
The first and third options will at least keep the context of any discussions or contributions to which the user was involved with. The second option will unpublish their content, so if for example comments or pages are removed which have an impact on the community, we can at least re-enable them. The final option will delete the account and all content associated with it.
Finally, we can also select if the user themselves must confirm that they wish to have their account deleted. Particularly useful if this is in response to a request from the user to delete all of their data, they can be given a final chance to change their mind.
Bulk user operations
For occasions when we need to perform specific operations to a range of user accounts (for example, unblocking a number of users, or adding / removing roles from specific users) we can use the Update options panel, in the user list to do these:
From here we simply select the users we want to apply an action to, and then select one of the following options from the UPDATE OPTIONS list:
- Unblock the selected users
- Block the selected users
- Cancel the selected user accounts
- Add a role to the selected users
- Remove a role from the selected users
Users are grouped into a number of roles, which in turn have permissions assigned to them. By default there are three roles within Drupal:
- Anonymous users
- Authenticated users
The anonymous and authenticated roles can be edited but they cannot be renamed or deleted. We can manage user roles by navigating to People | Permissions | Roles:
The edit permissions link allows us to edit the permissions associated with a specific role. To create a new role, we simply need to enter the name for the role in the text box provided and click the Add role button.
(For more resources on Drupal, see here.)
The permissions section provides us with a grid view for roles and the available permissions. This allows us to see at a glance which roles can do what, and also allows us to quickly change the permissions of multiple roles:
This screen is particularly useful once new modules are installed; we can simply visit this page and select which roles should have permissions related to that module.
Permissions work on a “granted” basis; if a user is a member of a role which has a particular permission, then they have that permission. If they are members of other roles as well which don’t have that permission, it won’t make any difference.
Creating customizable user profiles
The provisions within Drupal for dynamically extending the fields available for content aren’t just limited to content; we can also change the fields related to a users profile. These fields can be set up to allow the user to add another instance of the field. If for example, we have a field for the name of their dinosaur, they could duplicate this to add one for each of their dinosaurs. However, it doesn’t support duplicating a group of fields (such as dinosaur’s name, breed, date of birth, and hobbies), so we will use a field collection (a module we downloaded) for that.
From our initial planning earlier in this , there are two fields we can create using the default field functionality—location of the user, and their web address:
- To manage the fields associated with a user’s profile, we need to go to Configuration | People |Account settings and then click the MANAGE FIELDS tab:
- From here we can add fields just as we did to content types earlier in the book; let’s start with adding the user’s web address—we will make it a field which can be duplicated in case they wish to list more than one website they have.
- We start by adding the label for the field, the name for the field, and selecting Text as the type of data to be stored in the field:
- Once we click the Save button to save the field, we are prompted to supply the maximum length of the field:
- After clicking Save field settings, we are then taken to the screen to edit the field in more detail. On this screen, we should select that the field is to be displayed on the registration form:
- We also want to change the number of values to Unlimited, which allows the user to enter as many of their web addresses as they wish:
- We should then repeat this process for the user’s location, except we should leave the Number of values option as 1.
Listing your dinosaurs
To allow our users to enter multiples of a group of fields, we need to create a field collection, thanks to our newly downloaded module:
After entering the new field details and clicking save, we are taken to a confirmation screen (as there are no specific settings, such as field length) to set. After clicking Save field settings (a confusingly named button in light of the lack of settings) we are taken to the edit field screen, where we can select it as a field to be displayed on the registration form, and as a field we want the user to be able to enter multiple values of.
The field collection we have created is simply a container for a group of fields; we now need to go and setup the fields for our field collection. These can be managed from Structure | Field-collections, this screen lists all field-collections which have been created and allows us to manage their fields:
If we click the manage fields link, we are taken to the standard screen for adding and managing fields for a content type or for user profiles, which we are already familiar with. From here we should create fields for:
- Name of the dinosaur
- Breed of dinosaur
- Date of birth
All of the fields should have theirNumber of values setting set to 1 , except for the Hobbies box, which we would want to allow any number of.
Unfortunately at the time of writing, field collections don’t display on the registration page, and instead only work on the users profile itself, and are added and managed by the user viewing their own profile.
Linking to other social network profiles
The Follow module which we downloaded and installed allows our users to enter their profiles for various social networks; this includes the following social networks out of the box:
The actual links to these social networking sites are displayed in a block, which needs to be enabled. We need to go to Structure | Blocks, and from here we need to find the Follow User block, and select it to be part of the Sidebar second region (remember to click Save at the bottom of the page to save the changes):
Profile in action
If we now take a look at a profile with these new fields and options, you can see the web addresses, location, links to follow the user on other social networking sites, and their pet dinosaurs:
Additional dinosaurs can be added using the Addlink, from which the details can be added and any number of hobbies listed:
Finally, the social networking links can be edited from the My follow links tab:
Globally recognized avatars: Enabling Gravatars
Gravatars are globally recognized avatars (an avatar being a small picture used to represent a user when making comments or posts), and are very popular among blogs and forums, with many blog and forum systems supporting Gravatars. Gravatars enable users to use the same avatar across all socially-oriented sites they use, should they wish to.
The settings for this module are accessed through Configuration | People | Gravatar. Configuration options available include:
- What default should be used if a user doesn’t have a Gravatar
- The preferred size for Gravatars to be displayed within the site
- Which sort of s are permitted (based off Gravatars maturity filter)
The following screenshot shows these configuration options:
Now when a user edits their profile they are presented with an option to either upload an avatar or if they have a valid Gravatar associated with their e-mail address, whether to use that instead:
Tracking user activity
The tracker module allows users to view the recent contributions of a user to the site, by clicking the Tracktab on their profile:
This is particularly useful if a user finds another user’s posts interesting; they can use this to find other contributions the user made in the hope that they too will be interesting. This however, is primitive user interaction, as it is only one-way; we will look at full user interaction later in the book.
User centric home page
Once a user has logged into the site we will want to redirect them to a stream of user activity, to truly take them into the social network. We can do this using actions and triggers. At the moment we don’t have a stream of activity, so we will set it up to take them to their own profile page for now.
Triggers are events on our site, such as a user logging in. Through the trigger settings we can assign anaction to happen when the event is triggered. Actions are managed from Configuration | System |Actions. To redirect the user when they log in we need to create an advanced action, Redirect to URL:
To redirect the user to their profile page, we should enter user as the URL, and click Save:
Once we have created our action we can associate it with a trigger. Triggers are managed in Structure |Triggers, and we need to select the User tab to list triggers related to user events.
From here we select the newly created Redirect to URL action from the TRIGGER: AFTER A USER HAS LOGGED IN section:
Once we click Assign, the action is bound to the user login trigger.
Working with login blocks
These instructions for redirecting the user won’t work when you try logging in through a login block on the page. There are two ways around this:
- remove the login block and force the user to use the login page
- update the login block HTML to match the HTML on the main login page. More information can be found on the Drupal website, including a patch around the issue and HTML to replace the login block, athttp://drupal.org/node/286668 .
The final user and profile related feature we have left is the user account settings area, which is managed from Configuration | People | Account settings. From here we can:
- Change the name given to users who are not logged in
- Change the administrator role
- Set who can register user accounts, and if e-mail or administrator verification is required
- Set the default action when a user opts to cancel their own account
- Enable or disable user signatures
- Enable, disable, and configure user pictures
- Configure e-mails which are sent out to users when:
- Their account is created by an administrator
- Their account is pending approval
- Their account has been created
- Their account has been activated
- Their account has been blocked
- To confirm their account cancelation
- Their account has been canceled
- They have forgotten their password
We have now expanded our social networking site to allow users to sign up and customize their experience on the site. This included custom user profiles complete with links to their profiles on other social networking sites and details of their pet dinosaurs. We used globally recognized avatars to automatically pull in our user’s Avatar if they have one. A custom home page was set for our logged in users, and we enabled the viewing of recent contributions from other members.
We also looked through features to make it possible for us, as administrators, to manage our users, including creating and editing user profiles, deleting and canceling user accounts, updating the e-mails sent to our users on key events (registration, forgotten password, and so on), as well as the management of user roles and permissions.